If you have an AOL Mail account, hackers may have stolen your account information.
AOL sent an email to its users on Monday notifying them that hackers accessed information for a significant number of user accounts.
The company began an investigation after noticing a flood of spam in the form of “spoofed” emails appearing to come from AOL Mail addresses.
AOL believes spammers used the stolen information to send “spoofed” emails appearing to come from about 2% (approximately half a million) of AOL Mail accounts. Spammers use email spoofing to trick recipients into opening an email by forging the sender’s address so that it appears to be one the recipient knows. If friends or family have ever told you they received spam from your email address that you did not send, you may have been the victim of spoofing.
“Although our investigation is still underway, we have determined that there was unauthorized access to AOL users’ email addresses, postal addresses, contact information (as stored in the AOL Mail “Address Book”), encrypted account passwords, and encrypted answers to security questions that we ask when a user resets his or her password,” AOL said in a Security Update.
While the company told users that hackers accessed encrypted information during the security breach, there was no evidence that encryption of passwords, security questions or financial information had been broken.
“Our security team has put enhanced protective measures in place and we urge our users to take proactive steps to help ensure the security of their accounts,” AOL advised.
AOL strongly encouraged users and employees to change their passwords as well as security questions and answers as a precaution.
Good email practices to protect yourself:
- Do not respond to suspicious emails, click links in them or download their attachments.
- Do not reveal personal, account or financial information via email or by clicking a link in an email. Spammers like to use spoofing to make emails appear to come from a bank or other trustworthy source.
- Verify the authenticity of suspicious emails by contacting the sender through a means outside the suspicious email: call them or send a separate, direct email (do not use the reply button).
- If you believe you are the victim of spoofing, let your friends and email contacts know. Likewise, let friends and contacts know if you receive suspicious emails that appear to be sent from them.